Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e088f505 by Salvatore Bonaccorso at 2023-07-21T22:19:46+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
CVE-2023-3822 (Cross-site Scripting (XSS) - Reflected in GitHub repository
pimcore/pi ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-3821 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-3820 (SQL Injection in GitHub repository pimcore/pimcore prior to
10.6.4.)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-3819 (Exposure of Sensitive Information to an Unauthorized Actor in
GitHub r ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-3102 (A sensitive information leak issue has been discovered in
GitLab EE af ...)
TODO: check
CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise
before 1. ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38173 (Microsoft Edge for Android Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-37915 (OpenDDS is an open source C++ implementation of the Object
Management ...)
TODO: check
CVE-2023-37905 (ckeditor-wordcount-plugin is an open source WordCount Plugin
for CKEdi ...)
TODO: check
CVE-2023-37903 (vm2 is an open source vm/sandbox for Node.js. In vm2 for
versions up t ...)
- TODO: check
+ NOT-FOR-US: Node vm2
CVE-2023-37901 (Indico is an open source a general-purpose, web based event
management ...)
- TODO: check
+ NOT-FOR-US: CERN Indico
CVE-2023-37742 (WebBoss.io CMS before v3.6.8.1 was discovered to contain a
reflected c ...)
- TODO: check
+ NOT-FOR-US: WebBoss.io CMS
CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0 allows
attackers to a ...)
- TODO: check
+ NOT-FOR-US: WebBoss.io CMS
CVE-2023-35392 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-3815 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: y_project RuoYi
CVE-2023-3813 (The Jupiter X Core plugin for WordPress is vulnerable to
arbitrary fil ...)
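Review bot: The three Microsoft Edge entries (CVE-2023-38187, CVE-2023-38173, CVE-2023-35392) are tagged with the vendor only, "NOT-FOR-US: Microsoft", while the other entries in this hunk name the product ("Node vm2", "CERN Indico", "WebBoss.io CMS"). Two of those descriptions say "Chromium-based", and Debian ships chromium, so a label such as "NOT-FOR-US: Microsoft Edge" would record that the issue was judged specific to Edge rather than to the shared Chromium code.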
@@ -23803,7 +23803,7 @@ CVE-2023-26302 (Denial of service could be caused to
the command line interface
NOTE: https://github.com/executablebooks/markdown-it-py/pull/247
NOTE:
https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c
(v2.2.0)
CVE-2023-26301 (Certain HP LaserJet Pro print products are potentially
vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-26300
RESERVED
CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU)
vulnerability has be ...)
@@ -25141,9 +25141,9 @@ CVE-2023-25843
CVE-2023-25842
RESERVED
CVE-2023-25841 (There is a stored Cross-site Scripting vulnerability in Esri
ArcGIS Se ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25840 (There is a Cross-site Scripting vulnerabilityin ArcGIS Server
in versi ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights
Desktop f ...)
NOT-FOR-US: Esri ArcGIS
CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights
2022.1 for ...)
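Review bot: The new labels for CVE-2023-25841 and CVE-2023-25840 read "NOT-FOR-US: Esri", but the existing entry directly below them (CVE-2023-25839) uses "NOT-FOR-US: Esri ArcGIS" for the same product family. Using "Esri ArcGIS" for the two new lines would keep the labels consistent and make a later search for the product string find all of them.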
@@ -39014,7 +39014,7 @@ CVE-2023-22057 (Vulnerability in the MySQL Server
product of Oracle MySQL (compo
CVE-2023-22056 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22055 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22054 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22053 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
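Review bot: "NOT-FOR-US: Oracle" on CVE-2023-22055 sits between CVE-2023-22056 and CVE-2023-22054, both Oracle CVEs that are tracked against mysql-8.0, so the vendor name alone does not explain why this entry is out of scope. Naming the product from the description, for example "NOT-FOR-US: Oracle JD Edwards", would make the reason clear to the next person reading the list.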
@@ -39024,7 +39024,7 @@ CVE-2023-22052 (Vulnerability in the Java VM component
of Oracle Database Server
CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle
GraalVM ...)
NOT-FOR-US: Oracle
CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator
product of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 11.0.20+8-1
@@ -120193,7 +120193,7 @@ CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x
before 4.13.4 (when instal
CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE
(external X ...)
NOT-FOR-US: KNIME Analytics Platform
CVE-2021-45094 (Imprivata Privileged Access Management (formally Xton
Privileged Acces ...)
- TODO: check
+ NOT-FOR-US: Imprivata Privileged Access Management
CVE-2021-45093
RESERVED
CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html
reachab ...)
@@ -138540,7 +138540,7 @@ CVE-2021-39824 (Adobe Premiere Elements version
2021.2235820 (and earlier) is af
CVE-2021-39823 (Adobe svg-native-viewer
8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...)
NOT-FOR-US: Adobe
CVE-2021-39822 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and
earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and
earlier) a ...)
NOT-FOR-US: Adobe
CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and
earlier) i ...)
@@ -139478,7 +139478,7 @@ CVE-2021-39427 (Cross site scripting vulnerability in
188Jianzhan 2.10 allows at
CVE-2021-39426 (An issue was discovered in /Upload/admin/admin_notify.php in
Seacms 11 ...)
NOT-FOR-US: Seacms
CVE-2021-39425 (SeedDMS v6.0.15 was discovered to contain an open redirect
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2021-39424
RESERVED
CVE-2021-39423
@@ -214452,7 +214452,7 @@ CVE-2020-22161
CVE-2020-22160
RESERVED
CVE-2020-22159 (EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build
27, and ...)
- TODO: check
+ NOT-FOR-US: EVERTZ devices
CVE-2020-22158 (MediaKind (formerly Ericsson) RX8200 5.13.3 devices are
vulnerable to ...)
NOT-FOR-US: Ericsson RX8200 5.13.3 devices
CVE-2020-22157
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e088f505884f74aea7a24ae039ff53f5568a0dcf